links

We are researching and developing techniques and methodologies to apply cognitive analytics and IBM Watson technologies to challenging security problems.

Cognitive Security Analytics

Security analysts in a security operations center (SOC) investigate many cyber security incidents every day. Many of them may be originating from false positives of a detection system, whereas for others, they spend significant amounts of time on identifying relevant information and data mining surrounding events or incidents to understand the bigger picture.

We are researching on how we can support SOC analysts in providing them a companion (or co-pilot) assisting them with recommendations and suggestions based on cognitive reasoning, i.e., to reduce the analysts' workload and provide them with insights about a given incident that they would not be able to produce under existing time and complexity constraints. The methods and tools we research on perform activities such as understanding, learning, and reasoning over on-going and past security incidents and events in a SIEM system (IBM QRadar) and combining them with insights obtained from the Security Knowledge Graph (Watson for Cyber Security).

Security Knowledge Graph

A tremendous amount of security knowledge resides siloed in different repositories, such as threat intelligence databases, malware sandbox reports, threat reports released by security vendors, or blogs. Security analysts are required to search these systems manually, keep track of the findings, and correlate over them to identify actionable insight.

We are researching on methods to consolidate, correlate, and reason over vast amounts of security intelligence data extracted from hundrets of millions security documents (unstructured and structured) leading to billions of facts.